Modified PcShare backdoor replaces Windows Narrator to gain full control of systems

Security researchers have discovered a modified version of the open source backdoor PcShare which seems to originate from a Chinese advanced persistent threat (APT) group. The malware has been used to target technology firms, and it is deployed via side-loading by a legitimate NVIDIA application. As part of the attack, a Trojanized version of Windows' Narrator screen reading tool is used to gain remote access to systems without the need for credentials. The news comes from researchers at BlackBerry Cylance, and in a blog post the security company explains: "The attackers use a modified version of a Chinese open-source backdoor… [Continue Reading]